package exploits
import (
"bytes"
"crypto/aes"
"crypto/cipher"
"crypto/hmac"
"crypto/sha1"
"crypto/sha256"
"encoding/base64"
"encoding/hex"
"fmt"
"git.gobies.org/goby/goscanner/godclient"
"git.gobies.org/goby/goscanner/goutils"
"git.gobies.org/goby/goscanner/jsonvul"
"git.gobies.org/goby/goscanner/scanconfig"
"git.gobies.org/goby/httpclient"
"log"
"net/url"
"regexp"
"strconv"
"strings"
"time"
)
func init() {
expJson := `{
"Name": "Progress Telerik UI for ASP.NET AJAX Deserialization (CVE-2019-18935)",
"Description": "<p>Telerik UI for ASP NET AJAX is a set of UI components widely used in web applications, reducing the time required to build web forms applications for any browser and device by half. Telerik UI for ASP NET AJAX is a complete ASP NET AJAX user interface development toolkit.</p><p>Telerik UI for ASP NET AJAX has an RCE vulnerability caused by deserialization, which allows attackers to execute code on the server side, write backdoors, gain server privileges, and ultimately control the entire web server.</p>",
"Impact": "<p>Telerik UI for ASP NET AJAX has an RCE vulnerability caused by deserialization, which allows attackers to execute code on the server side, write backdoors, gain server privileges, and ultimately control the entire web server.</p>",
"Recommendation": "<p>1. The manufacturer has released an upgrade patch to fix the vulnerability. The link to obtain the patch is: <a href=\"https://www.telerik.com/support/kb/aspnet-ajax/details/allows-javascriptserializer-deserialization\">https://www.telerik.com/support/kb/aspnet-ajax/details/allows-javascriptserializer-deserialization</a></p><p>2. If not necessary, public network access to the system is prohibited.</p><p>3. Set access policies and whitelist access through security devices such as firewalls.</p>",
"Product": "Telerik-UI",
"VulType": [
"Code Execution"
],
"Tags": [
"Code Execution"
],
"Translation": {
"CN": {
"Name": "Telerik UI ASP.NET AJAX 反序列化 RCE 漏洞(CVE-2019-18935)",
"Product": "Telerik-UI-for-ASP.NET",
"Description": "<p>Telerik UI for ASP.NET AJAX 是一套广泛用于 Web 应用程序的 UI 组件,将为任何浏览器和设备构建Web Forms应用程序的时间缩短一半。Telerik UI for ASP.NET AJAX是完整的 ASP.NET AJAX 用户界面开发工具集。</p><p>Telerik UI for ASP.NET AJAX 存在反序列化导致的 RCE 漏洞,攻击者可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个web服务器。<br></p>",
"Recommendation": "<p>1、厂商已发布升级补丁以修复漏洞,补丁获取链接: <a href=\"https://www.telerik.com/support/kb/aspnet-ajax/details/allows-javascriptserializer-deserialization\" target=\"_blank\">https://www.telerik.com/support/kb/aspnet-ajax/details/allows-javascriptserializer-deserialization</a></p><p>2、如非必要,禁止公网访问该系统。<br></p><p>3、通过防火墙等安全设备设置访问策略,设置白名单访问。</p>",
"Impact": "<p>Telerik UI for ASP.NET AJAX 存在反序列化导致的 RCE 漏洞,攻击者可通过该漏洞在服务器端任意执行代码,写入后门,获取服务器权限,进而控制整个web服务器。<br></p>",
"VulType": [
"代码执行"
],
"Tags": [
"代码执行"
]
},
"EN": {
"Name": "Progress Telerik UI for ASP.NET AJAX Deserialization (CVE-2019-18935)",
"Product": "Telerik-UI",
"Description": "<p>Telerik UI for ASP NET AJAX is a set of UI components widely used in web applications, reducing the time required to build web forms applications for any browser and device by half. Telerik UI for ASP NET AJAX is a complete ASP NET AJAX user interface development toolkit.</p><p>Telerik UI for ASP NET AJAX has an RCE vulnerability caused by deserialization, which allows attackers to execute code on the server side, write backdoors, gain server privileges, and ultimately control the entire web server.</p>",
"Recommendation": "<p>1. The manufacturer has released an upgrade patch to fix the vulnerability. The link to obtain the patch is: <a href=\"https://www.telerik.com/support/kb/aspnet-ajax/details/allows-javascriptserializer-deserialization\">https://www.telerik.com/support/kb/aspnet-ajax/details/allows-javascriptserializer-deserialization</a></p><p>2. If not necessary, public network access to the system is prohibited.</p><p>3. Set access policies and whitelist access through security devices such as firewalls.</p>",
"Impact": "<p>Telerik UI for ASP NET AJAX has an RCE vulnerability caused by deserialization, which allows attackers to execute code on the server side, write backdoors, gain server privileges, and ultimately control the entire web server.<br></p>",
"VulType": [
"Code Execution"
],
"Tags": [
"Code Execution"
]
}
},
"FofaQuery": "body=\"Telerik.Web.UI, Version=\" || (body=\"Telerik.Web.UI.WebResource.axd\" || body=\"content=\\\"Sitefinity\")",
"GobyQuery": "body=\"Telerik.Web.UI, Version=\" || (body=\"Telerik.Web.UI.WebResource.axd\" || body=\"content=\\\"Sitefinity\")",
"Author": "go0p@",
"Homepage": "https://www.telerik.com",
"DisclosureDate": "2019-12-11",
"References": [
"https://bishopfox.com/blog/cve-2019-18935-remote-code-execution-in-telerik-ui",
"https://github.com/noperator/CVE-2019-18935",
"https://github.com/bao7uo/RAU_crypto",
"https://www.telerik.com/support/kb/aspnet-ajax/details/allows-javascriptserializer-deserialization"
],
"HasExp": true,
"Is0day": false,
"Level": "3",
"CVSS": "9.8",
"CVEIDs": [
"CVE-2019-18935"
],
"CNVD": [],
"CNNVD": [
"CNNVD-201912-504"
],
"ScanSteps": [
"AND",
{
"Request": {
"method": "GET",
"uri": "/",
"follow_redirect": false,
"header": {},
"data_type": "text",
"data": ""
},
"ResponseTest": {
"type": "group",
"operation": "AND",
"checks": [
{
"type": "item",
"variable": "$code",
"operation": "==",
"value": "200",
"bz": ""
}
]
},
"SetVariable": []
}
],
"ExploitSteps": [
"AND",
{
"Request": {
"method": "GET",
"uri": "/",
"follow_redirect": false,
"header": {},
"data_type": "text",
"data": ""
},
"ResponseTest": {
"type": "group",
"operation": "AND",
"checks": [
{
"type": "item",
"variable": "$code",
"operation": "==",
"value": "200",
"bz": ""
}
]
},
"SetVariable": []
}
],
"ExpParams": [
{
"name": "attackType",
"type": "select",
"value": "reverse",
"show": ""
}
],
"ExpTips": {
"type": "",
"content": ""
},
"AttackSurfaces": {
"Application": [
"Telerik-Sitefinity"
],
"Support": [],
"Service": [],
"System": [],
"Hardware": []
},
"CVSSScore": "9.3",
"PostTime": "2023-12-08",